AMENDMENTS TO THE CLAIMS 
This listing of claims replaces all prior versions, and listings, of claims in the application: 
Listing of Claims: 
1-29. (Cancelled) 

30. (Currently Amended) In a network that includes a user computer, a web server and a 
third party, a method for mitigating a cross-site scripting attack by the third party on a response 
served by the web server to the user computer, the method comprising: 

receiving an HTTP request at the web server, the HTTP request having been sent 
by the user computer and requesting a response, wherein the requested response [[that 
includes]] includes text and HTML elements, and wherein the HTTP request includes 
portions where user input is introduced and portions where no user input is introduced; 

before dynamic rendering of the HTTP request, using a script module of the 
server computer to examine the HTTP request for script constructs identified in an 
updateable list of markers of active content stored at the web server, wherein examining 
the HTTP request for script constructs consists of examining only [[HTML elements where]] 
the portions of the HTTP request where user input is introduced; 

finding a script construct within a particular HTML element of a portion of the 
HTTP request where user input is introduced; 

in response to finding the script construct [[within the particular HTML element]], 
generating an error and aborting processing of the [[HTML request]] HTTP request; and 

informing the user computer that the script construct has been found in the HTTP 
request; and 

requesting that the user computer resubmit a request. 

31. (Previously Presented) The method recited in claim 30, wherein the particular 
HTML element is an event. 

32. (Currently Amended) The method recited in [[claim 30]] claim 31, wherein the event is an 
onclick event. 

33. (Previously Presented) The method recited in claim 30, wherein the particular 
HTML element is an expression. 

34. (Previously Presented) The method recited in claim 30, wherein the particular 
HTML element is a value of a name/value pair. 

35. (Previously Presented) The method recited in claim 30, wherein the particular 
HTML element is a value of a tag attribute/value pair. 

36. (Previously Presented) The method recited in claim 30, wherein the particular 
HTML element is an anchor in an href attribute. 

37. (Currently Amended) The method recited in claim 30, wherein the particular HTML 
element is an expression that calculates element size. 

38. (Cancelled). 

39. (Previously Presented) The method recited in claim 30, wherein receiving the 
HTTP request includes receiving and examining each of 

a query string; 

a field of an HTTP form; and 
a header. 

40. (Currently Amended) The method recited in claim 30, wherein the particular HTML 
[[elements]] element of the portion of the HTTP request where user input is introduced include at 
least one of 

form variables; 
query string variables; 
URLs with key value pairs; or 
headers. 

41. (Currently Amended) The method recited in claim 30, further comprising: 

in response to finding the script construct within the particular HTML 
element, generating an error event and logging the error event for administrative review. 

42. (Previously Presented) The method recited in claim 40, wherein the error event is 
logged for administrative review. 

43. (Previously Presented) The method recited in claim 30, further comprising 
encoding user input to render the script construct inert. 

44. (Previously Presented) A computer program product for use in a network that 
includes a user computer, a web server and a third party, the computer program product 
including computer-executable instructions stored on a computer-readable storage medium that, 
when executed by a processor, cause the web server to perform the method of claim 30. 

45. (Currently Amended) In a network that includes a user computer, a web server and a 
third party, a method for mitigating a cross-site scripting attack by the third party on a response 
served by the web server to the user computer, the method comprising: 

maintaining, at the web-server, an updateable list of script constructs; 

receiving an HTTP request at the web-server, wherein the HTTP request includes [[a 
request for dynamic content in the form of]] an embedded link; 

before dynamic rendering of the HTTP request, using a script module of the server 
computer to examine HTTP request to identify script constructs identified in the updateable list 
of script constructs, wherein examining the HTTP request to identify script constructs consists of 
examining only [[the request for dynamic content in the form of the embedded link and other]] 
HTML elements where user input is introduced, including at least the embedded link; 

finding a script construct within [[the request for dynamic content in the form of]] an 
embedded link; 

in response to finding the script construct, generating an error and aborting processing of 
the [[HTML request]] HTTP request thereby refraining from executing any portion of the HTTP 
request; 

informing the user computer that the script construct has been found in the HTTP request; and 

requesting that the user computer resubmit a request. 
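
The following Python sketch illustrates the request screening recited in claims 30, 39 to 41 and 43; it is an example added here, not part of the application and not any implementation by the applicant. The marker patterns, function names and sample handler are assumptions chosen for illustration.

```python
import html
import logging
import re
from urllib.parse import parse_qsl

log = logging.getLogger("request_screen")

# Updateable marker list (assumed contents; the claims only require that it be updateable).
MARKERS = [r"<\s*script", r"\bon\w+\s*=", r"javascript\s*:", r"expression\s*\("]


class ScriptConstructFound(Exception):
    """Raised to abort processing before any dynamic rendering happens."""


def compile_markers(patterns):
    return [re.compile(p, re.IGNORECASE) for p in patterns]


def user_input_portions(query_string, form, headers):
    """Yield (location, name, value) for the request portions that carry user input."""
    for name, value in parse_qsl(query_string, keep_blank_values=True):
        yield "query", name, value  # parse_qsl has already percent-decoded the value
    for name, value in form.items():
        yield "form", name, value
    for name, value in headers.items():
        yield "header", name, value


def screen_request(query_string, form, headers, markers):
    """Examine only the user-input portions; abort on the first marker match."""
    for location, name, value in user_input_portions(query_string, form, headers):
        for marker in markers:
            if marker.search(value):
                # Error event logged for administrative review.
                log.warning("script construct in %s %r (marker %s)",
                            location, name, marker.pattern)
                raise ScriptConstructFound(f"{location}:{name}")


def handle(query_string, form, headers, markers):
    """Return (status, body): reject and ask for resubmission, or render encoded input."""
    try:
        screen_request(query_string, form, headers, markers)
    except ScriptConstructFound:
        return 400, "A script construct was found in your request. Please resubmit."
    name = dict(parse_qsl(query_string)).get("name", "")
    return 200, f"<p>Hello, {html.escape(name)}</p>"  # encoding renders leftovers inert
```

Pattern matching of this kind is a coarse filter that can reject benign input (for example, any word beginning with "on" followed by "="), so the output encoding in `handle` remains the control that applies to every response.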






